data-breach class action

Subscribe to data-breach class action via RSS

Ohio is poised to lead the nation by incentivizing businesses to implement certain cybersecurity controls, which can be an affirmative defense to a data breach claim based on negligence. Under the proposed legislation, if a business is sued for negligently failing to implement reasonable information security controls resulting in a data breach, the business can assert its compliance with the cybersecurity control as an affirmative defense at trial.

For years we have counseled our clients to implement a comprehensive data
Continue Reading Cybersecurity: An Affirmative Defense to Ohio Data Breach Negligence Claims

Two recent cases and NetDiligence’s 2015 Cyber Claims Study suggest that every organization that collects personally identifiable information from consumers should consider buying cyber insurance. PII-Image-672x372

Consumer businesses, non-profits, and government-run utilities often collect consumer personally identifiable information, such as full names, dates of birth, social security numbers, account user names and passwords, etc., in the course of their operations. Many states regulate how such personally identifiable information can be collected, recorded, stored, used, and disposed. If your organization does business
Continue Reading Cyber Insurance: Why You Need It If Your Organization Collects Consumer Data

The Seventh Circuit’s ruling in Remijas v. Neiman Marcus Group, LLC may have removed a substantial hurdle for data-breach class actions (as we previously discussed) by holding that “injuries associated with resolving fraudulent charges and protecting oneself against future identity theft” were sufficient to confer Article III standing.  But does that ruling remove all of the major obstacles to data-breach class actions?  Absolutely not.  There are still additional daunting hurdles in a plaintiff’s path to obtaining class certification
Continue Reading Remijas v. Neiman Marcus—Overhyped and Overblown